ephraimbuddy commented on a change in pull request #15295:
URL: https://github.com/apache/airflow/pull/15295#discussion_r611447356
##########
File path: airflow/www/security.py
##########
@@ -44,6 +46,24 @@
}
+class DefaultSessionInterface(SecureCookieSessionInterface):
+ """
+ Default cookie session interface.
+ This prevents creating flask sessions on REST API requests.
+ """
+
+ def save_session(self, *args, **kwargs):
+ """Prevent creating session from REST API requests."""
+ if g.get('login_from_api'):
+ return None
+ return super().save_session(*args, **kwargs)
+
+ @user_loaded_from_header.connect
+ def user_loaded_from_header(self, user=None): # pylint:
disable=unused-argument
+ """Set login_from_api in g"""
Review comment:
This is actually for a case where login is configured to be processed
through the header. Airflow did not configure this, but users may configure it.
We can remove it. Should I?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
